Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp383609pxj;
        Fri, 7 May 2021 10:39:24 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxfRJEDNd6PeWonQOcAjfUtuqoxd+Ujy7lz2ysFTFW6zGFxFDRBKcfU0RtKF/lRGRGDQCtz
X-Received: by 2002:a63:1064:: with SMTP id 36mr11287316pgq.164.1620409164531;
        Fri, 07 May 2021 10:39:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1620409164; cv=none;
        d=google.com; s=arc-20160816;
        b=sX6HForxAVahYqf7jGhgUZp8CrUyzv/cUlW4+BTkaEG6rgnMQhqYiqRoZEZ+LuXjv9
         a0ausTvhv9UrtqwSraVK1yhA7+bZgQJUF11odsJWfp7DJTZXmv03Vv+zq3kUlAAAa+j3
         QJRe9KH/tjueCdOyTDnXeqBeI1lySpmXI0NvF5vt7WwgWloefUeh9sYMFhaQ+V8WI3p/
         Jtj/En9meoRKzPczozasmZ5hkKl8dtqPOpQ2pwi7JmRswiij1Y8JnOBKaPlevPrX+hmX
         3pO/bWMktD2NQsbBv24Qmzjl3cErJOxTITW73kolqL1NzpReI0jAXHfrkd8DpCHGGc/x
         HzGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:references:mime-version
         :message-id:in-reply-to:date:reply-to:dkim-signature;
        bh=VEqazMRlmbfIIn+WG70+8s+sSnlsOL4Ks0sRraeMi3w=;
        b=T5agI72au1fhpoJGgno3GtXONNwSZojlvnbh+E+n4T/N5jhFUsdquSz4K6i6dLGtP1
         fAHwFVI1fp03Tf0xTTkt3zYgFvo4kqFAJXuECDkOEsJrjPfQx4frxfX1fBI6/N2ANU5I
         rKeokW06hqcZG3ky5HaybxcIxyKkFCGE4hMVeCSxQgvikcq/eYkPE8gdoiHuiTsI3K13
         QtMX8+O6OQkaevwofyqg0fAY+zCIiStpvscNNwLHycw7sbMsP6w3awOALYmjrlZR0hbo
         NNlBHm+UcJUev6KWfOTe756KnWwSaLSjGaVhwfN268g/BoeR8cF/3HJredObSYGjgHlB
         MbQg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="KoPzAD/2";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l18si7245911plb.233.2021.05.07.10.39.12;
        Fri, 07 May 2021 10:39:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="KoPzAD/2";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238472AbhEGRA4 (ORCPT <rfc822;li.zhiang.cn@gmail.com>
        + 99 others); Fri, 7 May 2021 13:00:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33622 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238462AbhEGRAz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 7 May 2021 13:00:55 -0400
Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1544C061761
        for <linux-kernel@vger.kernel.org>; Fri,  7 May 2021 09:59:55 -0700 (PDT)
Received: by mail-qk1-x74a.google.com with SMTP id b3-20020a05620a0cc3b02902e9d5ca06f2so6623216qkj.19
        for <linux-kernel@vger.kernel.org>; Fri, 07 May 2021 09:59:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=reply-to:date:in-reply-to:message-id:mime-version:references
         :subject:from:to:cc;
        bh=VEqazMRlmbfIIn+WG70+8s+sSnlsOL4Ks0sRraeMi3w=;
        b=KoPzAD/24Udvfs3SJG4WetUnaKKUe3D0ar4Ivq2GQhThmRCDu9l3O7QsQNtw++wfHh
         65iBehtJpcXdNz3xkh/Ix9UCiyymzFgug1Sg+w/mb0ROVv7JPh5UYcyQti4LU6jfe7g7
         dtGAhaS6Sdo4ly9Q4bDmaT2UK0xrMhaghZ4W6ykzK5nrIdB8+UzANZ9GUfXcQl648dw9
         R7NFiAxmDheyavR+Pr4wT+sSwHDWTZAaDA+96U7yikIbrtBk7mha0v3DzFR3CjcSm/rc
         tBSFA94qgJnk3ayhcLFDYQJaZf2MJOeEO8pVot6E2fQd8w99wXF/+Zkjmb3dhWAVuY+R
         exnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:reply-to:date:in-reply-to:message-id
         :mime-version:references:subject:from:to:cc;
        bh=VEqazMRlmbfIIn+WG70+8s+sSnlsOL4Ks0sRraeMi3w=;
        b=md7Jc1pHSU44E72SBwBFY5PX2Njw6LMbNU8q7R/wsmz4V/SQPBaDBlRPkiP+bbz7Ag
         VUoHFPoa3cMbAw+owJ/cN9yawtbqi1bEysu0MzRYWb/irwrK2ubtPD3RxAgysWB40QWT
         c8w1YgmoB0mT6olrWd2JkTERhvPSQVu/ThX+Nlzixaghhtv9+JNNIsIc6K/j1xtQbKAh
         xYzNOMggY96lqroaWR4/hV8yD8ysTX5wThFWV2aXk4RxVZmZAxZ+cmMnepbWyYaM5XEY
         3KadVSn3Ebqs+duR9EyhjB0ZlorW+zRkzpSNc8coMTF+U19dbuZu/Qv66mj9nvZslDym
         d4Iw==
X-Gm-Message-State: AOAM531J9L2iue+4XZrR1Y3E4qJ+I7EgNaajbyuWhhNmu2S7fTlkcrgf
        X2d+UuhCZZ06XWLG3AZW22jJxPHfOmQ=
X-Received: from seanjc798194.pdx.corp.google.com ([2620:15c:f:10:7352:5279:7518:418f])
 (user=seanjc job=sendgmr) by 2002:ad4:4e44:: with SMTP id eb4mr10683142qvb.3.1620406794805;
 Fri, 07 May 2021 09:59:54 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date:   Fri,  7 May 2021 09:59:46 -0700
In-Reply-To: <20210507165947.2502412-1-seanjc@google.com>
Message-Id: <20210507165947.2502412-2-seanjc@google.com>
Mime-Version: 1.0
References: <20210507165947.2502412-1-seanjc@google.com>
X-Mailer: git-send-email 2.31.1.607.g51e8a6a459-goog
Subject: [PATCH 1/2] KVM: SVM: Update EFER software model on CR0 trap for SEV-ES
From:   Sean Christopherson <seanjc@google.com>
To:     Paolo Bonzini <pbonzini@redhat.com>
Cc:     Sean Christopherson <seanjc@google.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, Peter Gonda <pgonda@google.com>,
        Maxim Levitsky <mlevitsk@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

For protected guests, a.k.a. SEV-ES guests, update KVM's model of EFER
when processing the side effect of the CPU entering long mode when paging
is enabled.  The whole point of intercepting CR0/CR4/EFER is to keep
KVM's software model up-to-date.

Fixes: f1c6366e3043 ("KVM: SVM: Add required changes to support intercepts under SEV-ES")
Reported-by: Peter Gonda <pgonda@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/svm/svm.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index a7271f31df47..d271fe8e58de 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -1696,15 +1696,17 @@ void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
 	u64 hcr0 = cr0;
 
 #ifdef CONFIG_X86_64
-	if (vcpu->arch.efer & EFER_LME && !vcpu->arch.guest_state_protected) {
+	if (vcpu->arch.efer & EFER_LME) {
 		if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) {
 			vcpu->arch.efer |= EFER_LMA;
-			svm->vmcb->save.efer |= EFER_LMA | EFER_LME;
+			if (!vcpu->arch.guest_state_protected)
+				svm->vmcb->save.efer |= EFER_LMA | EFER_LME;
 		}
 
 		if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) {
 			vcpu->arch.efer &= ~EFER_LMA;
-			svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME);
+			if (!vcpu->arch.guest_state_protected)
+				svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME);
 		}
 	}
 #endif
-- 
2.31.1.607.g51e8a6a459-goog